VARIoT IoT vulnerabilities database

A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device. Zyxel NAS 326 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZyxelNAS326 is a dual-disc personal cloud storage device from Zyxel. ZyXEL NAS 326 is a NAS (Network Attached Storage) device produced by ZyXEL Corporation of Taiwan, China. There is a trust management vulnerability in ZyXEL NAS 326 5.21 and earlier versions, which originates from the lack of an effective trust management mechanism in the network system or product. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components

An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs. Zyxel NAS 326 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZyxelNAS326 is a dual-disc personal cloud storage device from Zyxel. Remote authentication attackers can exploit this vulnerability to execute arbitrary code through tjp6jp6y4, simZysh, and ck6fup6API. ZyXEL NAS 326 is a NAS (Network Attached Storage) device produced by ZyXEL Corporation of Taiwan, China. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing code segments from external input data

A directory traversal vulnerability in the file browser component on the Zyxel NAS 326 version 5.21 and below allows a lower privileged user to change the location of any other user's files. Zyxel NAS 326 Contains a path traversal vulnerability.Information may be tampered with. ZyxelNAS326 is a dual-disc personal cloud storage device from Zyxel. ZyXEL NAS 326 is a NAS (Network Attached Storage) device produced by ZyXEL Corporation of Taiwan, China. The vulnerability originates from the failure of network systems or products to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories

An XSS vulnerability in the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to inject arbitrary JavaScript or HTML via the user, group, and file-share description fields. Zyxel NAS 326 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ZyxelNAS326 is a dual-disc personal cloud storage device from Zyxel. A cross-site scripting vulnerability exists in ZyxelNAS3265.21 and earlier. ZyXEL NAS 326 is a NAS (Network Attached Storage) device produced by ZyXEL Corporation of Taiwan, China. There is a cross-site scripting vulnerability in ZyXEL NAS 326 5.21 and earlier versions, which is caused by the lack of correct verification of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges. TP-Link TL-WR940N Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The TP-Link TL-WR940N and the TP-Link TL-WR941ND are both wireless routers from China Unicom (TP-Link). A buffer overflow vulnerability exists in TP-LINK TL-WR940N and TL-WR941ND. This vulnerability is caused when the network system or product performs operations on memory and does not correctly verify the data boundary, resulting in an error being performed to other associated memory locations. Read and write operations that an attacker can exploit to cause a buffer overflow or heap overflow

In Eclipse Kura versions up to 4.0.0, the SkinServlet did not checked the path passed during servlet call, potentially allowing path traversal in get requests for a limited number of file types. Eclipse Kura Contains a path traversal vulnerability.Information may be obtained. Eclipse Kura is prone to the following vulnerabilities: 1. A directory traversal vulnerability 2. An information disclosure vulnerability 3. An XML External Entity injection information disclosure vulnerability Attackers can exploit these issues to obtain sensitive information that may aid in further attacks. Eclipse Kura through 4.0.0 are vulnerable

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure. An attacker can exploit this issue to gain sensitive information, that may aid in further attacks

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". Systemd is a Linux-based system and service manager for Lennart Poettering software developers in Germany. The product is compatible with SysV and LSB startup scripts and provides a framework for representing dependencies between system services. A license and access control vulnerability exists in the systemdv242-rc4 release that stems from the lack of effective permissions and access control measures for network systems or products. An attacker could exploit this vulnerability to gain access to webmasters. 8) - aarch64, ppc64le, s390x, x86_64 3. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 1668521 - CVE-2019-3842 systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" 1740657 - [RFE] NUMA aware CPU affinity setting in systemd unit files 1755287 - localectl set-locale should issue an error message when trying to set a nonexistent locale 1764282 - systemd[XXXXX]: Failed to connect to API bus: Connection refused 1812972 - backport request: allow instantiated units to be enabled via presets 1819868 - systemd excessively reads mountinfo and udev is dense OpenShift environments 1845534 - CVE-2020-13776 systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits 1862714 - LIBSYSTEMD_VERSION value format change crashes systemd-python pip install 1865840 - systemd-tmpfiles request for backport 1868831 - FreezerState is incorrectly updated on system running cgroup v1 1868877 - Enabling the smack feature on the host may cause the container to fail to start 1870638 - RFE: Add an option to Socket units to clear the data before listening again 1871139 - [systemd] systemd-resolved.service:33: Unknown lvalue 'ProtectSystems' in section 'Service' 1880270 - "Failed to start user service, ignoring" when masking user@.service 1885553 - "systemd --user" can dump core upon session closing 1887181 - Backport PassPacketInfo= support into systemd of RHEL 8 1888912 - SELinux policy change not visible to systemd until daemon-reexec 1889996 - backport vconsole-setup: downgrade log message when setting font fails on dummy console 6. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update Advisory ID: RHSA-2021:2479-01 Product: Red Hat OpenShift Container Storage Advisory URL: https://access.redhat.com/errata/RHSA-2021:2479 Issue date: 2021-06-17 CVE Names: CVE-2016-10228 CVE-2017-14502 CVE-2019-2708 CVE-2019-3842 CVE-2019-9169 CVE-2019-13012 CVE-2019-14866 CVE-2019-25013 CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-8927 CVE-2020-9948 CVE-2020-9951 CVE-2020-9983 CVE-2020-13434 CVE-2020-13543 CVE-2020-13584 CVE-2020-13776 CVE-2020-15358 CVE-2020-24977 CVE-2020-25659 CVE-2020-25678 CVE-2020-26116 CVE-2020-26137 CVE-2020-27618 CVE-2020-27619 CVE-2020-27783 CVE-2020-28196 CVE-2020-29361 CVE-2020-29362 CVE-2020-29363 CVE-2020-36242 CVE-2021-3139 CVE-2021-3177 CVE-2021-3326 CVE-2021-3449 CVE-2021-3450 CVE-2021-3528 CVE-2021-20305 CVE-2021-23239 CVE-2021-23240 CVE-2021-23336 ==================================================================== 1. Summary: Updated images that fix one security issue and several bugs are now available for Red Hat OpenShift Container Storage 4.6.5 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API. Security Fix(es): * NooBaa: noobaa-operator leaking RPC AuthToken into log files (CVE-2021-3528) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Currently, a newly restored PVC cannot be mounted if some of the OpenShift Container Platform nodes are running on a version of Red Hat Enterprise Linux which is less than 8.2, and the snapshot from which the PVC was restored is deleted. Workaround: Do not delete the snapshot from which the PVC was restored until the restored PVC is deleted. (BZ#1962483) * Previously, the default backingstore was not created on AWS S3 when OpenShift Container Storage was deployed, due to incorrect identification of AWS S3. With this update, the default backingstore gets created when OpenShift Container Storage is deployed on AWS S3. (BZ#1927307) * Previously, log messages were printed to the endpoint pod log even if the debug option was not set. With this update, the log messages are printed to the endpoint pod log only when the debug option is set. (BZ#1938106) * Previously, the PVCs could not be provisioned as the `rook-ceph-mds` did not register the pod IP on the monitor servers, and hence every mount on the filesystem timed out, resulting in CephFS volume provisioning failure. With this update, an argument `--public-addr=podIP` is added to the MDS pod when the host network is not enabled, and hence the CephFS volume provisioning does not fail. (BZ#1949558) * Previously, OpenShift Container Storage 4.2 clusters were not updated with the correct cache value, and hence MDSs in standby-replay might report an oversized cache, as rook did not apply the `mds_cache_memory_limit` argument during upgrades. With this update, the `mds_cache_memory_limit` argument is applied during upgrades and the mds daemon operates normally. (BZ#1951348) * Previously, the coredumps were not generated in the correct location as rook was setting the config option `log_file` to an empty string since logging happened on stdout and not on the files, and hence Ceph read the value of the `log_file` to build the dump path. With this update, rook does not set the `log_file` and keeps Ceph's internal default, and hence the coredumps are generated in the correct location and are accessible under `/var/log/ceph/`. (BZ#1938049) * Previously, Ceph became inaccessible, as the mons lose quorum if a mon pod was drained while another mon was failing over. With this update, voluntary mon drains are prevented while a mon is failing over, and hence Ceph does not become inaccessible. (BZ#1946573) * Previously, the mon quorum was at risk, as the operator could erroneously remove the new mon if the operator was restarted during a mon failover. With this update, the operator completes the same mon failover after the operator is restarted, and hence the mon quorum is more reliable in the node drains and mon failover scenarios. (BZ#1959983) All users of Red Hat OpenShift Container Storage are advised to pull these new images from the Red Hat Container Registry. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1938106 - [GSS][RFE]Reduce debug level for logs of Nooba Endpoint pod 1950915 - XSS Vulnerability with Noobaa version 5.5.0-3bacc6b 1951348 - [GSS][CephFS] health warning "MDS cache is too large (3GB/1GB); 0 inodes in use by clients, 0 stray files" for the standby-replay 1951600 - [4.6.z][Clone of BZ #1936545] setuid and setgid file bits are not retained after a OCS CephFS CSI restore 1955601 - CVE-2021-3528 NooBaa: noobaa-operator leaking RPC AuthToken into log files 1957189 - [Rebase] Use RHCS4.2z1 container image with OCS 4..6.5[may require doc update for external mode min supported RHCS version] 1959980 - When a node is being drained, increase the mon failover timeout to prevent unnecessary mon failover 1959983 - [GSS][mon] rook-operator scales mons to 4 after healthCheck timeout 1962483 - [RHEL7][RBD][4.6.z clone] FailedMount error when using restored PVC on app pod 5. References: https://access.redhat.com/security/cve/CVE-2016-10228 https://access.redhat.com/security/cve/CVE-2017-14502 https://access.redhat.com/security/cve/CVE-2019-2708 https://access.redhat.com/security/cve/CVE-2019-3842 https://access.redhat.com/security/cve/CVE-2019-9169 https://access.redhat.com/security/cve/CVE-2019-13012 https://access.redhat.com/security/cve/CVE-2019-14866 https://access.redhat.com/security/cve/CVE-2019-25013 https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/cve/CVE-2020-8927 https://access.redhat.com/security/cve/CVE-2020-9948 https://access.redhat.com/security/cve/CVE-2020-9951 https://access.redhat.com/security/cve/CVE-2020-9983 https://access.redhat.com/security/cve/CVE-2020-13434 https://access.redhat.com/security/cve/CVE-2020-13543 https://access.redhat.com/security/cve/CVE-2020-13584 https://access.redhat.com/security/cve/CVE-2020-13776 https://access.redhat.com/security/cve/CVE-2020-15358 https://access.redhat.com/security/cve/CVE-2020-24977 https://access.redhat.com/security/cve/CVE-2020-25659 https://access.redhat.com/security/cve/CVE-2020-25678 https://access.redhat.com/security/cve/CVE-2020-26116 https://access.redhat.com/security/cve/CVE-2020-26137 https://access.redhat.com/security/cve/CVE-2020-27618 https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-27783 https://access.redhat.com/security/cve/CVE-2020-28196 https://access.redhat.com/security/cve/CVE-2020-29361 https://access.redhat.com/security/cve/CVE-2020-29362 https://access.redhat.com/security/cve/CVE-2020-29363 https://access.redhat.com/security/cve/CVE-2020-36242 https://access.redhat.com/security/cve/CVE-2021-3139 https://access.redhat.com/security/cve/CVE-2021-3177 https://access.redhat.com/security/cve/CVE-2021-3326 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/cve/CVE-2021-3528 https://access.redhat.com/security/cve/CVE-2021-20305 https://access.redhat.com/security/cve/CVE-2021-23239 https://access.redhat.com/security/cve/CVE-2021-23240 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYMtu/9zjgjWX9erEAQh6fhAAm9UPxF0e8ubzCEae+bkQAduwCkzpQ0ND Q1/UcDAAc4ueEhBrwXPhOLrgfBj+VG+QA19YZcNPzbW7I48RGjCm5WccnUyEbFAo FKTspCZW7FkXKBU15u58c/sFCGa4/Yuu+IpqCMuZ6lR2g9WHIBKdVtaB4y59AyfS v59cAorqZ3AoTX4lVys6HfDGySQWlg5P8t6ST72cUJjESi6U0HV00P7ECU2SFxCF HXA4gbXbZ1EPb/1+UkRRnXemJuT8SaRFRTrzj9woTrVAGQFvn+yjxLbZxVZb0WDd 6QeNpiJNICfL+/ExvEmGQucf7NcekYPWud11pnRUfQ+Uqsj+I7YoaepXAAolLzvN kAVVpFNsWADOVz7BrfSKoo4b38UCFOEUSd2d1ijCNE96Q9XyNUpn+kZqz0/wpBQC L+E5N9kEuaLyDBoI0wJAfoqU1NY4Cvl6lIMDgHUv2CE10zxhFwHCDulAfcQgxNQG sIbpSgSegq9HfZSDxa6Rtrox1I7oGhnBy10sIwUUH1+fxAusUk+Xrxf8hUv8KgDz V144yrGwN/6KVxh74A60bJX3ai12l6fC8bkmsxg5K1r/Dk4tUkQeXNdBbaK/rEKO AQs7YDab/0VA2qKtXDRkbnzqBRSbamDNOO/jd28nGMoclaIRHCzQgJRFv6Qb6dwT RCrstqAM5QQ=DHD0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 5. JIRA issues fixed (https://issues.jboss.org/): TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project 6. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana gement_for_kubernetes/2.2/html/release_notes/ Security fixes: * redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309) * console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092) * console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918) Bug fixes: * RHACM 2.2.4 images (BZ# 1957254) * Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832) * ACM Operator should support using the default route TLS (BZ# 1955270) * The scrolling bar for search filter does not work properly (BZ# 1956852) * Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426) * The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181) * Unable to make SSH connection to a Bitbucket server (BZ# 1966513) * Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890) 3. Bugs fixed (https://bugzilla.redhat.com/): 1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message 5. Bugs fixed (https://bugzilla.redhat.com/): 1937901 - CVE-2021-27918 golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 1965503 - CVE-2021-33196 golang: archive/zip: Malformed archive may cause panic or memory exhaustion 1971445 - Release of OpenShift Serverless Serving 1.16.0 1971448 - Release of OpenShift Serverless Eventing 1.16.0 5. ========================================================================== Ubuntu Security Notice USN-3938-1 April 08, 2019 systemd vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: The systemd PAM module could be used to gain additional PolicyKit privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libpam-systemd 239-7ubuntu10.12 Ubuntu 18.04 LTS: libpam-systemd 237-3ubuntu10.19 Ubuntu 16.04 LTS: libpam-systemd 229-4ubuntu21.21 Ubuntu 14.04 LTS: libpam-systemd 204-5ubuntu20.31 In general, a standard system update will make all the necessary changes. A remote attacker with SSH access can take advantage of this issue to gain PolicyKit privileges that are normally only granted to clients in an active session on the local console. For the stable distribution (stretch), this problem has been fixed in version 232-25+deb9u11. We recommend that you upgrade your systemd packages. For the detailed security status of systemd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/systemd Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlyrsfpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0S19A//eYZPzdFbJILUh0RBa2uZAxRHrOBIb/UsDKVPu4wZrMJdPGHSZoL+R2RQ Tm1xLhFU+dgMLjfx1n70NIvg5hjPRrhD+6A8QVeU5IcsrMm7cSEFAgj3H5Cok+SN OndAGXQ/EoRrSTDUjnNA7x4H3oxlsnH8nnY4vMqLezlPimMve+hsUSmB/ggDfB9M FoZX35xUsSb/VvxdLqdVM7SFpti63XzAyYOueshaseGNR76rXkaPbXBSpzmcOhaz 9f08i1XG0IeojM0iHzBvOR8skicAPIwFXVLTCt1QE3nqzYeRhZAcq5yifAVm0A6G qzVihq36Sw1roz5uI95x/jBd+odLbSZBG3a7py7jMDsWi8lRkD3kftQVsF9OmUgE FaJtVKCydcWDRA9zWDLMG/6XqRIpDviK8DY/9dq6VkG6VHswobMs87LsrKrdb1tC SqIV2n0mvsUs+BeMI1DDZbJuoXKjHi+3hS+wLFrZ/TM+riAuUq4KbfbSR9JLQdVS D9Vq4J+hECgquS7c/YjmwNm2IdK4R8oSYs410AOmaWB/1xPzn5u5j4HMe3D6DJ6h 8H20PL1O6npyJOWGNimfZDGoxTR87Qfv72v5s59FtJzSVxGLaynsgIv0+ZO0SGH7 80/FYzsd0O4AtrZhjF0jxhwcCmCDMfNO1rEm/whQkmPhdLNxgTM=flwI -----END PGP SIGNATURE----- . Summary: Release of components for the Service Telemetry Framework 2. Description: Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. Bug fixes: * STF 1.3.3 now supports OpenShift Container Platform 4.8 as an installation platform. (BZ#2013268) * With this update, the servicetelemetrys.infra.watch CRD has a validation that limits the clouds[].name to 10 characters and alphanumeric to avoid issues with extra characters in the cloud name and names being too long. (BZ#2011603) * Previously, when you installed STF without having Elastic Cloud on Kubernetes (ECK) Operator installed, the following error message was returned: "Failed to find exact match for elasticsearch.k8s.elastic.co/v1beta1.Elasticsearch". The error was as a result of Service Telemetry Operator trying to look up information from a non-existent API interface. With this update, the Service Telemetry Operator verifies that the API exists before it attempts to make requests to the API interface that is provided by ECK. (BZ#1959166) 3. Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally. Bugs fixed (https://bugzilla.redhat.com/): 1959166 - Service Telemetry Operator can error out if ElasticSearch (ECK) CRD is not installed 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 2011603 - STF multi-cloud setup misinterprets name if a "-" is being used 2013268 - [RFE] Support STF 1.3 on OCP 4.8 5

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability. SINEMA Remote Connect Server Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens is a leading global technology company that provides solutions to customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drive and software with innovation in electrification, automation and digital. Siemens SINEMA has an unauthorized access vulnerability that an attacker can use to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. The platform supports efficient and secure remote access to machines and equipment distributed around the world, as well as secure management of VPN tunnels between control centers, service engineers and installed equipment. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. Spectrum Power 4 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SiemensSpectrumPower is a system that provides the basic components for SCADA, communication and data modeling of control and monitoring systems

Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation (CVE-2018-18094, CVE-2019-0158, CVE-2019-0162, CVE-2019-0163) * Information leak (CVE-2019-0162) * Service operation interruption (DoS) attack (CVE-2019-0162). Intel Graphics Performance Analyzer for Linux is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Versions prior to Graphics Performance Analyzer 2019 R1 are vulnerable. It only needs to provide functions such as graphics analysis and optimization. The vulnerability stems from the lack of effective permission and access control measures in network systems or products

Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation (CVE-2018-18094, CVE-2019-0158, CVE-2019-0162, CVE-2019-0163) * Information leak (CVE-2019-0162) * Service operation interruption (DoS) attack (CVE-2019-0162). Intel Media SDK is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Versions prior to Media SDK 2018 R2.1 are vulnerable. This product is mainly used for video encoding, decoding and processing in Windows and embedded Linux applications. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol. Fortinet FortiOS Contains an information disclosure vulnerability.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components

A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability. The vulnerability stems from the failure of the network system or product to properly validate the input data

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. Samba Contains a permission vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. A local attacker can exploit this issue by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks. Samba is a set of free software developed by the Samba team that enables the UNIX series of operating systems to connect with the SMB/CIFS network protocol of the Microsoft Windows operating system. The software supports sharing printers, transferring data files and so on. There is a security vulnerability in Samba, which originates from the fact that the program creates files in the private/ directory as globally writable. An attacker could exploit this vulnerability to elevate privileges

On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. plural Reolink The product includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Reolink Digital Technology RLC-410W is an IP camera produced by Reolink Digital Technology Company in Hong Kong, China. There are security vulnerabilities in several Reolink products. Attackers use the 'TestEmail' function to exploit this vulnerability to inject and execute operating system commands with root privileges. The following products and versions are affected: Reolink RLC-410W 1.0.227 and earlier; C1 Pro 1.0.227 and earlier; C2 Pro 1.0.227 and earlier; RLC-422W 1.0.227 and earlier; RLC-511W 1.0 .227 and earlier versions

Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server. Check Point IKEv2 IPsec VPN Contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with

The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia. AutoMobility Distribution Inc Smartphone app " MyCar Controls Is a hard-coded management authentication information that can be used as an alternative to the username and password when the user communicates to the server endpoint (CWE-798) Exists.A remote unauthorized third party may send commands to or obtain data from the product. AutoMobility Distribution MyCar Controls is prone to a security-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected device, obtain sensitive information, or bypass authentication mechanism and perform unauthorized actions. This may aid in further attacks

FANUC CNC products are the core components of CNC machine tools. FANUC CNC has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.

FANUC CNC products are the core components of CNC machine tools. FANUC CNC has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.